
What are SPF and DKIM?

DMARC employs both SPF and DKIM to establish a framework for email authentication, enhancing the likelihood that emails are successfully delivered to their intended recipients. To understand this better, let’s explore what SPF and DKIM actually mean.

What is SPF?

SPF (Sender Policy Framework) is a protocol that allows domain owners to specify which IP addresses are authorized to send emails on behalf of their domain. This is done by publishing an SPF record in the domain's DNS. When an email is received, the receiving server checks the SPF record to verify if the sending server's IP address is authorized.

If the IP address matches the authorized list, the SPF check passes. 

What is DKIM?

DKIM (DomainKeys Identified Mail) adds a digital signature to outgoing emails, which is created using a private key held by the sender's domain. The corresponding public key is published in the sender's DNS records. When an email is received, the recipient's server retrieves the public key to verify the signature, ensuring that the email was sent by the authorized domain and that its content has not been altered during transit.

Both SPF and DKIM are essential components of email authentication, and they work together with DMARC to provide a comprehensive solution for protecting email domains from unauthorized use and improving email security.

Why SPF & DKIM are not enough

DKIM can verify whether an email is the exact email that was sent, and SPF can recommend that a receiving server reject an email based on the sending IP, but neither of these is effective at preventing spoofing.

Attackers can still impersonate your email domain. SPF and DKIM do not check the domain shown in the From: header, so an email whose SPF and DKIM are correctly set for a different domain will pass both checks while displaying yours, enabling successful domain impersonation.

Why DMARC Helps

DMARC uses the validation results of both SPF and DKIM to determine if an email is authorized by the domain owner. If an email fails both SPF and DKIM validation (or alignment, as DMARC requires), DMARC can instruct receiving mail servers to reject or quarantine that email. This helps to prevent email spoofing and phishing attacks.

DMARC focuses on the domain found in the From: header (also called the Header From), which is the address visible to the end user.
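The alignment decision described above, as an added Python sketch (not code from this page or from any mail server). The names `AuthResult`, `org_domain`, `aligned` and `dmarc_evaluate` are hypothetical, the sample messages are constructed, and the organizational-domain lookup is simplified to the last two labels, where real receivers use the Public Suffix List.

```python
from dataclasses import dataclass

@dataclass
class AuthResult:
    header_from: str   # domain in the visible From: header
    spf_result: str    # SPF verdict: "pass", "fail", "none", ...
    spf_domain: str    # domain SPF evaluated (envelope MAIL FROM)
    dkim_result: str   # DKIM verdict for the signature
    dkim_domain: str   # d= tag of the DKIM signature

def org_domain(domain: str) -> str:
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, header_from: str, strict: bool = False) -> bool:
    # Strict alignment needs an exact match; relaxed only needs the same
    # organizational domain (DMARC tags aspf= / adkim= select the mode).
    if strict:
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def dmarc_evaluate(msg: AuthResult, policy: str = "reject", strict: bool = False) -> str:
    # DMARC passes if at least one mechanism passes AND aligns with the From: domain.
    spf_ok = msg.spf_result == "pass" and aligned(msg.spf_domain, msg.header_from, strict)
    dkim_ok = msg.dkim_result == "pass" and aligned(msg.dkim_domain, msg.header_from, strict)
    if spf_ok or dkim_ok:
        return "pass"
    return policy  # published p= value: "none", "quarantine" or "reject"

# Constructed samples using reserved example domains.
LEGIT = AuthResult("example.com", "pass", "mail.example.com", "pass", "example.com")
# SPF and DKIM both pass, but for example.net, not the displayed example.com.
SPOOFED = AuthResult("example.com", "pass", "example.net", "pass", "example.net")
# Forwarded mail: SPF breaks at the forwarder, the aligned DKIM signature survives.
FORWARDED = AuthResult("example.com", "fail", "forwarder.example.net", "pass", "example.com")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("spoofed", SPOOFED), ("forwarded", FORWARDED)]:
        print(name, dmarc_evaluate(msg, policy="quarantine"))
```

The spoofed sample is the case the previous section describes: both checks report pass, yet neither authenticated domain matches the From: domain, so the published policy applies.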
